Is Apple using the Windows Safari Beta Test to stamp out iPhone security holes?
Posted by Dr. Macenstein
Within hours of Apple releasing the Safari 3 beta for Windows, computer geeks from around the world began pointing out various security holes in the browser. The most notable computer geek being David Maynor ( he of the infamous MacBook Wi-Fi exploit) who found a number of potential denial-of-service attack executions in the beta. A day later Apple released a security patch addressing a handful of the largest of these exploits.
With the iPhone’s launch a mere 2 weeks away, this got me to thinking. The iPhone has a “full version” (minus Flash support, apparently) of Safari running on it. Apple has repeatedly said it does not want developers writing “real” apps for the iPhone due to security risks for cellular networks.
Is there a chance Apple is hoping that by releasing a beta of Safari for Windows, it can let the hacking community do its QC work for it?
Having a successful, bug-free launch for the iPhone means a great deal to Apple. On the other hand, being the first to exploit a vulnerability in the iPhone that brings down AT&T’s entire network means a great deal to any hacker worth the title.
The speed with which Apple posted the first rounds of Safari updates indicates to me that Apple fully expected holes to be found, and made sure they had a team ready to quickly tackle any issues that may have arisen. Apple is usually pretty fast in responding to known security exploits, but not that fast. In the past it has usually taken them about 2-3 weeks to plug a reported QuickTime hole.
Some people feel Apple released the Safari beta for Windows users in order to entice more of the global (ie, non-Mac) programming community to consider writing apps for the iPhone. However, since Jobs mentioned that the iPhone apps are pretty much just Ajax code, this seems like a lame argument. I’m pretty sure the 5000 or so developers who attended the WWDC can handle writing the various “get movie times” and “find lowest gas prices near me” iPhone apps that Ajax can give us. No need to bring in extra programming help for what essentially many high school kids are being taught how to do.
So, is it possible that Apple is using the beta to close as many holes as it can leading up to the iPhone’s launch? With so much of the iPhone’s success relying on Safari, I wouldn’t be surprised.
But iPhone uses OS X and OS X Safari, no? Or is Safari 3 the same on all platforms? If that’s the case, programming for iPhone is diddley-squat because Apple will have suddenly made programming platform agnostic.
Doubtful.
hmm… well, how many of those holes they found in the windows version apply to the Mac Os? Because that’s what the iPhone is running. Although I guess some universal problems they found like javascript code stuff would apply. Hackers are amazing, when you think about it, maybe even cooler than the people who think up the apps in the first place, are people who can look at an app and see where someone f’d up.
ha ha, Rick, we must have posted at the same time! great minds, and such.
Although Rick and Neon are correct in that bugs have only so far been found in the Windows version of Safari, that doesn’t mean that Apple isn’t expecting a few Mac OS X Safari bugs to be found, and figures that releasing a Windows version means there will be that many more hackers looking at it.
Not to sound jerkish, but last I checked, your theory is one valid purpose of a beta: to find and plug holes.
Absolutely Patrick,
But what I am saying is I think the timing of the beta seems suspect. Apple is likely specifically attempting to get the much larger Windows community of developers to debug Safari so the iPhone will be secure at launch (or soon after) by discovering the bigger, more obvious holes now. Apple is not simply trying to make a nice looking, secure Windows browser.
-The Doc
Many critics have pointed out that Safari for Windows is not Windows enough for Windows users. I think THAT is the point.
The Safari for Windows UI is like the Safari for Mac UI; also like the Safari for iPhone. Windows users planning to buy an iPhone need to learn Safari.
That means Apple had to release Safari for Windows BEFORE the iPhone – ready or not.
Geniver, I don’t think that’s it.
The version of Safari on the iPhone looks a hell of a lot different from both the Mac/Windows versions. It is blue, doesn’t seem to have tabs, only the “+” and bookmark symbol seem to be the same, and they are in different locations than “the real” Safari. I think both Mac and PC users will have the same amount of “trouble” adjusting to it.
Plus, what is there really to get used to in safari, as opposed to any other browser? Once you understand the basic concepts of tabs, bookmarks, etc., all browsers are the same.
now that you mention it, why IS Safari’ UI all blue on the iPhone? Why not match leopard?
It was the Cuban on the grassy knoll.
Well, since Safari for windows will communicate with the iPhone via iTunes syncing, odds are Safari is as good a place as any to look for a way into the iPhone. Web browsers are inherently the easiest way into a computer system.
Does anyone else think that apple is trying to create a write once use on Windows and Mac platforms? Maybe another checkbox in XCode that will compile for Windows not just Intel or PPC Mac. Just a thought
Oh my god. This is the most trite crap I think I’ve ever had the misfortune of reading over the internet.
Apple did 9/11!!!!!!
The holes that security analysts (I hate the frequent misuse of the term “hackers”) have found on Safari on Windows have absolutely no relevance to the iPhone. As somebody has already pointed out, the iPhone runs a variant of Mac OS X with a variant of Safari. How one could make the intellectual leap from Windows to iPhone is beyond me.
Although the iPhone may be running on OS X, the cellular networks are probably running Windows, or some weird Linux variant, but more likely Windows.
Since it is AT&T feeding the phone the internet signal, so any exploit could potentially take down the entire cell phone provider.
I think it’s less of a matter “what can you do to the phone”, seeing as Phones are pretty minimalist devices, a virus will have a hard time crippling a cell phone, however it is a question of “what can the phone do to the provider”
Safari for Windows has a different set of vulnerabilities from Safari for Mac. Besides, porting Safari to Windows must have been a huge task, not something you’d do for a two-week test run. Let’s just say you were thinking out loud. Interesting theory, but I think it just happens to be wrong.
Apple just released a very very crappy product. When Microsoft does this we call them on it, and the same should be true for Apple or any other company. Let’s call a spade a spade..mmkay?
Safari isn’t even good enough for its native OSX, so why even bother porting it to Windows or Linux.
This article is way off, they arent concerned about security holes…but the release was definately iPhone related. Its been announced that ALL the third party applications will use and be developed using the Safari platform…so obviously they released Safari on Windows so that Windows users who buy the iPhone can actually DEVELOPE and take advantage of iPhone APPS!!!!
It has nothing to do with a browser war, i would even venture to say that they don’t give a shit about Safari market share that much. They just want everyone to be able to A. develop, and B. access new apps for their iPhone.
Talking about iPhone failures. Have you seen the Iphone advertisement?. In one shot a guy is holding the iphone and seconds later they change it to a guy with bigger hands to make it look smaller. Pretty tricky, but not enough!
Will iPhone be able to run Skype?
Yes! Skype for iPhone will be released. I think they’re going to do it at the same time that free energy, UFO technology, and Rife machines are disclosed to the public.